[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: problem with automatic upgrade (changed conffile)

Kjetil Kjernsmo wrote:

On mandag 19 september 2005, 00:18, Hans Ekbrand wrote:
You must
expect issues like these, it is a feature... :-)
Not getting security updates automatically installed a feature? Not
in my world!

Well, imagine the security.debian.org box getting compromised, and the attacker pumping out a trojanned "security" upgrade. You install it automatically before the Debian folks take the box out. The attacker has your IP too... That's a serious single point of failure for the entire community, you know... I prefer to read and understand the DSA, and check that the DSA is signed with a key I trust (I'm just a hop from joey) before I do a manual apt-get upgrade on affected machines.
But if the <insert_server_here> is compromised, won't they also have the key?

Reply to: